Computer hackers infiltrated the federal Conservative Party website and accessed information about people who donated online, a spokesman has confirmed.

Over the course of his time as prime minister, Stephen Harper has taken many controversial risks when it comes to Quebec, argues Chantal Hebert.

By:Joanna SmithOttawa Bureau, Published on Wed Jun 08 2011

OTTAWA—Computer hackers infiltrated the federal Conservative Party website and accessed information about people who donated online, a spokesman has confirmed.

“We are very disturbed by this hacking and will continue our internal investigation, as well as work with authorities on this matter,” Conservative Party of Canada spokesman Fred DeLorey said in a statement Wednesday afternoon.

A Twitter user claiming responsibility for hacking the party website linked to a list of names and email addresses allegedly belonging to party contributors Wednesday morning.

“The conservatives said no contributor data was accessed … I wonder where this sample came from then!” said a post on the Twitter account called LulzRaft.

The post then linked to a webpage titled “Conservative Donation Contributers” [sic], which included a list of 1,719 names and email addresses and an option to download thousands more.

The same Twitter account had earlier claimed responsibility for a hoax that had the Conservative Party website claiming Prime Minister Stephen Harper was rushed to hospital after choking on a hash brown Tuesday morning.

“It has come to our attention today that information that was stored by our web site host was hacked into,” DeLorey confirmed in his statement. “The information contains names, addresses, and email addresses of people who donated online through our web host. In some instances the first four and last four digits of the credit card were taken, but no useful credit card information was taken and our internal database was not hacked.”

DeLorey noted that while much of the information is already available publicly through Elections Canada – which publishes the names, cities and postal codes of political donors but not email addresses online – the party would be contacting everyone whose data was taken.

A security expert said the breach is serious for a couple of reasons.

One that personally identifiable information (PII) in the form of emails was made public and the fact the Conservative Party did not sufficiently protect it.

Chester Wisniewski, a senior security adviser at Sophos Canada, an international security firm, said Canada is one of the few country where email is considered to be a piece of personal identity, “which means the law would treat someone stealing that data more harshly and would also treat the people who lost the data more harshly,” adding the information should have been protected by encryption.

“Canada has some of the stricter law around privacy as far as protecting people’s information,” Wisniewski said. “Arguably both the Conservative Party and the hackers committed a crime here.”

The LulzRaft Twitter account bio references LulzSec, which has claimed to be behind some high-profile hacking in recent weeks.

The LulzRaft account, which did not immediately respond to an email Wednesday morning, claimed no connection to LulzSec beyond what is written in its bio.

The same Twitter account is also claiming responsibility for hacking the website for Husky Energy and posting a fake marketing gimmick promising free gasoline to Conservatives who provided a coupon code referencing the hash brown prank.

Company spokesman Graham White said it was removed from the website shortly after 12 p.m.

“It was definitely not a Husky marketing initiative,” White said, adding that they were still investigating.

Wisniewski said it appears to him that hackers accessed the Conservative Party site just because they could.

He even suggested it looks like someone trying to copycat the hackers who recently attacked Sony and Public Broadcasting Service in the U.S.

He said Lulz in the hacker message board world usually denotes the more prankster type of hacker.

“The whole idea of Lulz is to basically create chaos and mayhem just for the entertainment of it … and then get credit for it,” he said.

With files from Richard J. Brennan

More on thestar.com

We value respectful and thoughtful discussion. Readers are encouraged to flag comments that fail to meet the standards outlined in our
Community Code of Conduct.
For further information, including our legal guidelines, please see our full website
Terms and Conditions.